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RELIABILITY  PREDICTION  FOR  COMPUTERIZED 
MINE-MONITORING  SYSTEMS 


By  Raymond  M.  Kacmar^  and  Edward  F.  Fries^ 


ABSTRACT 

This  report  presents  the  Bureau  of  Mines  research  on  the  hardware 
reliability  prediction  for  two  Bureau  monitoring  projects.  The  basic 
concepts  of  reliability  predictions  are  introduced  along  with  the  reli- 
ability models  and  assumptions  used  for  this  particular  evaluation.  The 
results  of  the  reliability  predictions  are  for  ground-fixed  and  naval- 
sheltered  environments. 


^tlectrical  engineer,  Pittsburgh  Research  Center,   Bureau  of  Mines,   Pittsburgh,  PA 
(now  with  Defense  Contracts  Administrative  Services,  Los  Angeles,  CA) . 
'^Electrical  engineer,  Pittsburgh  Research  Center. 


INTRODUCTION 


By  using  computerized  systems  that  are 
appearing  in  the  marketplace,  mine  opera- 
tors now  can  monitor  and  display  the  sta- 
tus of  underground  conditions.  However, 
before  they  buy,  install,  and  depend  on 
these  systems  they  need  to  know  how  reli- 
able the  data  from  the  system  will  be; 
also,  they  need  to  predict  how  future  ex- 
pansions will  affect  system  reliability. 
The  Bureau  of  Mines  is  conducting  re- 
search to  determine  the  reliability  of 
current  monitoring  systems  and  also  to 
demonstrate  that  standard  reliability 
prediction  techniques  can  be  modified  to 
predict  the  reliability  of  equipment  op- 
erating in  a  mine  environment. 

The  mine  monitoring  systems  researched 
for   this   report   are   electromechanical 


systems  that  remotely  sense  various  envi- 
ronmental and  operational  parameters  and 
transmit  the  data  to  a  central  location 
where  the  data  are  analyzed  and/or  dis- 
played. The  equipment  normally  required 
to  perform  these  functions  consists  of 
transducers,  telemetry,  one  or  more  com- 
puters, and  the  associated  peripherals 
and  input-output  interfaces.  In  the  ba- 
sic system,  the  output  from  a  transducer 
is  converted  to  a  format  that  enables  a 
signal  to  be  transmitted  to  a  central 
computer  station.  There,  a  processor  (or 
system  of  processors)  tabulates  the  data, 
compares  it  with  present  alarm  condi- 
tions, displays  results,  logs  the  data 
for  future  reference,  and  performs  other 
calculations  and  data  management. 


SYSTEM  DESCRIPTIONS 


Both  systems  selected  for  these  reli- 
ability predictions  (to  be  referred  to 
as  system  A  and  system  B)  have  been  in- 
stalled as  research  projects  in  conjunc- 
tion with  the  Bureau.  System  A  is  lo- 
cated in  a  research  mine,  owned  by  the 
Bureau,  in  Allegheny  County,  PA.  System 
B  is  located  in  a  commercial  mine  in  In- 
diana County,  PA.  Although  the  system 
configurations  are  different,  they  are 
both  representative  of  current  tech- 
nology. The  computer  stations  used  for 
these  systems  were  selected  by  the  Bureau 
under  competitive  bid.  They  consist  of  a 
microprocessor-based  controller  with  a 
cathode  ray  tube  (CRT)  and  floppy  disk 
drive  and  two  printers. 

It  should  be  noted  that  both  systems 
are  currently  being  modified  to  upgrade 
system  capabilities.  Therefore,  the  re- 
liability predictions  in  this  report  will 
only  apply  to  the  original  system  config- 
urations. However,  these  predictions  can 
be  easily  adjusted  once  the  hardware  mod- 
ifications have  been  completed. 

The  telemetry  system  used  for  sys- 
tem A  employed   a  four-wire   frequency 


shift-keyed  communications  link.  Two  of 
the  wires  were  used  to  transmit  data  and 
two  were  used  to  receive  data.  On  the 
surface,  a  telemetry  card  and  local 
modem  connected  the  computer  to  the 
telemetry  line.  At  the  sensing  loca- 
tions, an  analog-to-digital  (A/D)  con- 
verter and  a  remote  modem  connected  the 
transducers.  Previously,  there  were  five 
communication  "outstations"  being  used. 
One  station  was  located  on  the  surface 
and  four  stations  were  located  under- 
ground. A  block  diagram  of  this  system 
is  shown  in  figure  1. 

For  system  B,  two  "trunk  lines"  (four- 
wire  telemetry  cables,  each  consisting  of 
two  power  lines  and  two  data  lines)  were 
used  to  monitor  methane,  carbon  monoxide, 
and  airflow.  A  block  diagram  of  this 
system  is  shown  in  figure  2. 

The  transducers  sent  measurements  to 
the  central  station  through  an  A/D  tele- 
metry card.  The  analog  voltage  from  the 
transducer  is  converted  to  an  8-bit  digi- 
tal message  and  is  then  telemetered  to 
the  computer. 


RELIABILITY  PREDICTIONS 


METHODOLOGY 


The  standard  procedures   for  performing 
reliability  predictions   are  described  in 


the  military  handbook  (MIL-HDBK)  217D, 
"Reliability  Prediction  of  Electronic 
Equipment."  When  possible,  the  methods 
in  217D,   paragraph  5.1,   are  to  be  used. 
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FIGURE  2.— Block  diagram  of  system  B. 


The  equations  contained  in  this  section 
of  the  handbook  require  the  detailed 
knowledge  of  the  stress  and  quality  lev- 
els of  the  components  in  the  equipment 
under  study.  However,  this  detailed  in- 
formation on  the  parts  used  for  the  moni- 
toring systems  was  not  available  for  this 
analysis.  Therefore,  a  combination  of 
the  following  two  methods  was  used  to  ar- 
rive at  the  predicted  system  reliability 
for  the  two  configurations:  parts-count 
and  prior  experience, 

Parts-Count  Reliability 

When  the  methods  of  paragraph  5.1  can- 
not be  used,  MIL-HDBK  217D  recommends 
the  use  of  paragraph  5.2,  "Parts-Count 
Reliability  Prediction."  This  method  is 
based  on  the  type  and  quantity  of  the 
parts  used.  For  this  evaluation,  it  was 
used  for  equipment  and  assemblies  whose 
parts  lists  were  available  or  could  be 
derived.  This  prediction  procedure  has 
limitations,  and  past  experience  has 
shown  it  to  be  conservative.  Average 
stress  levels  are  assumed  for  parts  such 
that  the  system  reliability  can  be  ex- 
pressed as 

1 


MTBF  (SYSTEM)  = 


(1) 


I  NiCXe.TTQ.) 
i=l 


Where  for  a  given  environment 

MTBF  (SYSTEM)  =  the  system  average   time 
between  failure,  h, 

Xq  =  generic  failure  rate  for 
the  i^*^  generic  part, 
failures/MM  h, 

Up  =  quality  factor  for  the 
i^'^  generic  part, 

Nj  =  quantity  of  the  i^^  ge- 
neric part, 

and         n  =  number  of   different   ge- 
neric part  categories. 

The  following  gives  a  sampling  of  the 
assumptions  used  for  the  parts-count 
prediction: 


1.  Ambient  temperature  (T^)  =  40°  C 
for  ground-fixed  environment  (Gp). 

2.  Applied  stress  ratio  =  0.5  =  actual 
power  dissipated  per  maximum  rated 
power. 

3.  Uses  average  complexities;  e.g., 
any  integrated  circuit  in  501-1,000  gate 
range  uses  875  gates  for  calculation. 

4.  A  limited  number  of  quality 
factors. 

Prior  Reliability  Data 

For  this  method,  reliability  data  for 
similar  parts  used  in  other  applications 
were  used.  This  information  was  obtained 
from  conversations  with  reliability  ex- 
perts at  the  Department  of  Air  Force, 
Rome  Air  Development  Center  (RADC),  Reli- 
ability and  Maintainability  Engineering 
Section  (RBER),  Griff iss  Air  Force  Base, 
New  York.  This  method  was  used  since 
several  components  and  assemblies  were 
not  of  the  type  that  lend  themselves 
to  parts-count  prediction  techniques  or 
could  not  be  broken  down  into  their  con- 
stituent parts.  As  a  result,  the  reli- 
ability of  these  assemblies  were  based  on 
information  obtained  from  RADC  person- 
nel who  have  had  experience  with  similar 
equipment  in  the  past  on  Air  Force  sys- 
tems. Where  complexities,  environment, 
and/or  duty  cycles  differed  from  that  of 
the  equipment  under  study,  adjustments 
were  made  by  RADC. 

RELIABILITY  PREDICTION  ASSUMPTIONS 

As  a  baseline  for  the  prediction,  other 
assumptions  were  necessitated  as  follows: 

1.  Series  model. — A  series  model  was 
assumed  such  that  a  failure  of  any  sub- 
system or  assembly  caused  a  system 
failure. 

2.  Duty  cycles. — All  equipment  was  as- 
sumed to  be  operated  at  100%  of  the  sys- 
tem's operational  time  with  the  following 
exceptions: 

a.  Alarm  printer. — The  alarm  printer 
was  assumed  to  operate  only  10%  of  the 
time  where  the  status  printer  was  assumed 
to  operate  100%.  This  assumption  is 
based  on  the  fact  that  the  alarm  printer 
only  operates  to  output  alarm  conditions. 


b.  Disk  drive  and  controller. — These 
assemblies  were  assumed  to  be  required  5% 
of  the  time  because  they  are  used  only  to 
Initialize  the  system. 

3.  Environmental  conditions. — The 
methodology  for  the  prediction  was  in  ac- 
cordance with  MIL-HDBK  217D,  which  does 
not  have  a  mine  environment.  The  Envi- 
ronmental Impact  section  assesses  the 
system  reliability  in  different  environ- 
ments. For  the  prediction  baseline,  a 
ground-fixed  environment  was  assumed. 

4.  Parts  quality. — As  a  baseline,  com- 
mercial plastic  devices  were  assumed  for 
integrated  circuits  and  semiconductors 
(active  devices).  Passive  devices  such 
as  resistors  and  capacitors  were  assumed 
to  be  of  commercial  quality. 

5.  Sensing  elements. — The  reliability 
of  sensing  elements  themselves  was  not 
considered.  It  was  assumed  that  preven- 
tive maintenance  made  their  failure  rate 
contribution   negligible.     Electronics 


associated  with  the  sensing  function  are 
included. 

6.  Software  reliability. — The  reli- 
ability of  the  system  software  was  not 
evaluated  for  this  report.  However,  sim- 
ilar methods  exist  to  determine  software 
reliability  but  are  beyond  the  scope  of 
this  report. 

RELIABILITY  MODELS 

For  this  analysis,  the  two  system  con- 
figurations were  separated  into  four 
functional  subsystems:  data  processing, 
communications,  power,  and  transducers. 
This  functional  designation  was  made  to 
simplify  future  comparison  between  pre- 
dicted and  actual  operation.  Table  1 
lists  the  assemblies  composing  the  func- 
tional subsystems  at  each  location.  Fig- 
ures 3  and  4  indicate  how  the  systems 
were  configured  for  the  reliability  mod- 
els with  each  block   (or  assembly)  being 
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FIGURE  3.— System  A  reliability  configuration. 


required  for  the  operational  success  of 
the  system.  Using  this  reliability  mod- 
el and   the   four   functional   subsystems 


MTBF  = 


previously  discussed,  the  MTBF  of 
system  can  be  expressed  as  follows: 


1 


A(DPS)  +  X(COMM)  +  X(PS)  +  X(TRANS) 


the 


(2) 


where 


X(DPS)  =  failure  rate  for  the 
data  processing  sub- 
system failures/MM  h, 

X(COMM)  =  failure   rate   for  the 
communication 
subsystem, 


and 


X(PS) 
X(TRANS) 


failure  rate   for   the 
power  subsystem, 

failure  rate  for  the 
transducer  subsystem. 


TABLE  1.  -  Functional  subsystems 


Site   subsystem 

System  A 

System  B 

Data  processing 

1   console   and   2   line   printers. 

1   console  and   2   line   printers. 

Communications 

Telemetry  with   local  modem: 

1    line  driver  assembly,    13  A/D 

1    surface   outstation,    4  mine 

boards,    13  junction  boxes. 

outstations,    junction  boxes, 

connectors. 

connectors. 

Power 

1   uninterruptible   power   sup- 

Transient  protection,    2  junc- 

ply,   junction  boxes,    power 

tion  boxes,    connectors. 

lines,    connectors. 

Transducers .......... 

1    surface   outstation  and 
4  mine   outstations  with 

5   CO,    5  airflow,    and   3   CH4 
transducers. 

1    each  CO,    airflow,    and  CH4 

transducers. 
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FIGURE  4.— System  B  reliability  configuration. 


PREDICTION  DATA  AND  ANALYSIS 

The  data  needed  to  perform  the  parts- 
count  prediction  were  obtained  from  the 
schematics  and  parts  lists  of  the  various 
assemblies.  A  sample  worksheet  for  the 
calculation  is  shown  in  figures  5  and  6. 
However,  because  of  the  proprietary  na- 
ture of  the  monitoring  systems,  the  ac- 
tual number  and  type  of  components  used 
for  the  calculations  are  not  shown. 

The  failure  rate  (    ■   J  for  a  partic- 
\  MTBF  / 

ular  group  of  similar  components  is  then 
derived  by  multiplying  the  number  of 
components  by  the  generic  failure  rate 
(obtained  from  217D)  and  the  appropri- 
ate quality   factor.   As  an  example,   the 


failure  rate  for  12  nonmilitary  plastic 
resistors  would  be  as  follows: 

A  =  (NiXXeXTTQ), 

=  (12)  (0.0010(3), 

=  0.0396. 

The  failure  rate  for  a  particular  assem- 
bly is  then  obtained  by  adding  the  fail- 
ure rates  for  all  of  the  components  used. 
Likewise,  the  failure  rate  for  a  subsys- 
tem is  obtained  by  adding  the  failure 
rates  for  each  of  the  assemblies  used. 
Finally,  the  predicted  reliability  of  the 
system  is    derived   using   equation   2. 
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FIGURE  5.— Sample  form  for  assembly-rate  summary. 
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FIGURE  6.— Sample  form  for  microclrcult  failure-rate  summary. 


The  results  of  the  reliability  predic- 
tions for  the  two  configurations  are 
shown  in   figures  7   and  8.   The   results 


on  the  assembly  and  subsystem  levels  are 
shovm  in  figures  9  through  15. 


ENVIRONMENTAL  IMPACT  ON  EQUIPMENT 


The  previous  predictions  for  the  sys- 
tems were  performed  using  the  MIL-HDBK- 
217D  ground-fixed  environment.  However, 
as  noted  before,  the  handbook  does  not 
have  a  specific  environmental  factor  that 
represents  the  operation  of  equipment  in 
a  mine  atmosphere.  It  could  be  argued 
that  this  atmosphere  is  more  severe  than 
ground  fixed  because  of  the  humidity 
and  contamination-corrosion  problems.  On 
the  other  hand,  it  could  be  less  severe 
owing  to  a  lower  ambient  temperature.   As 


a  result  of  this  uncertainty,  the  envi- 
ronmental impact  on  the  prediction  re- 
sults were  reviewed.  Table  2  shows  how 
the  MTBF  varies  as  a  function  of  environ- 
ment and  the  conditions  that  define  the 
environment  in  MIL-HDBK  217D.  Figures  16 
and  17  show  the  system  reliability  re- 
vised when  a  naval-sheltered  environment 
is  used  for  the  equipment  in  the  mine, 
and  when  a  ground-fixed  (Gp)  environment 
is  used  for  the  surf ace 'equipment . 


CONCLUSION 


The   predicted   reliability   of  mine 
monitoring   systems  A  and   B  using   the 


methodology  presented 
(on  page  11)  in  hours; 


in  this   paper  are 
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FIGURE  7.— Gp  environment  for  system  A. 
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TABLE  2.  -  Environmental  impact  on  equipment 


Example 

MTBF 

MIL-HDBK  217  environment 

Environment  definition 

Ta,  °C 

part  E 
(IC) 

adjust 
factor 

Ground-benign  (Gb) 

Nearly  zero  environmental  stress 
with  optimum  engineering  oper- 
ation and  maintenance. 

30 

0.38 

0.21 

Ground-fixed  (Gp) 

Conditions  less  than  ideal  to 
include  installation  in  per- 
manent racks  with  adequate 
cooling  air,  maintenance  by 
military  personnel,  and  possi- 
ble installation  in  unheated 
buildings. 

40 

2.50 

1.00 

Naval-sheltered  (N s) 

Surface  ship  conditions  similar 
to  Gp  but  subject  to  occasional 
high  shock  and  vibration. 
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ditions but  with  repetitive 
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FIGURE  16.— System  A  reliability— adjusted. 
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FIGURE  17.— System  B  reliability— adjusted. 


part-quality  upgrade  and  elimination  of 
reliability  design  deficiencies.  As  pre- 
viously defined  in  the  prediction  as- 
sumption, the  baseline  prediction  was 
performed  using  standard-quality  parts. 
Sensitivity  to  part-quality  as  a  poten- 
tial means  of  reliability  is  a  proven 
fact  based  on  field  experience.  Reli- 
ability of  the  system  can  be  improved  by 
doing  the  following: 

0  Use  hermetic  devices  in  an  atmos- 
phere as  corrosive  and  humid  as  that  of  a 
mine. 

0  Use  MIL-grade  connectors  and  solder 
connections  instead  of  integrated-circuit 
sockets. 


13 


o  Establish  a  well-defined  inspection 
and  preventive  maintenance  schedule. 

0  All  equipment  should  be  burned-in  at 
an  elevated  temperature  for  at  least 
100  h  with  the  last  24  h  failure  free. 

0  All  printed  circuit  boards  exposed 
to  the  mine  environment  be  conformally 
coated  to  prevent  moisture  and  corrosion 
problems . 

0  System  developments  should  involve 
front-end  design  consistent  with  the  cri- 
ticality  of  operation  and  safety  in  a  se- 
vere environment. 
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